Publishing details

Published on 2023-07-19
Copied from ubuntu focal in PPA for Ubuntu Security Proposed by Fabian Toepfer

Changelog

connman (1.36-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/dnsproxy-Add-length-checks-to-prevent-buffer-overflo.patch:
      Add length checks to prevent buffer overflow.
    - CVE-2021-26675
  * SECURITY UPDATE: Sensitive information exposure
    - debian/patches/gdhcp-Avoid-reading-invalid-data-in-dhcp_get_option.patch:
      Avoid reading invalid data in dhcp_get_option
    - debian/patches/gdhcp-Avoid-leaking-stack-data-via-unitiialized-vari.patch:
      Avoid leaking stack data via unitiialized variable.
    - CVE-2021-26676
  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/dnsproxy-Check-the-length-of-buffers-before-memcpy.patch:
      Check the length of buffers before memcpy.
    - CVE-2021-33833
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/dnsproxy-Simplify-udp_server_event.patch:
      Simplify udp_server_event()
    - debian/patches/dnsproxy-Validate-input-data-before-using-them.patch:
      Validate input data before using them.
    - CVE-2022-23096
    - CVE-2022-23097
  * SECURITY UPDATE: Denial-of-service
    - debian/patches/dnsproxy-Avoid-100-busy-loop-in-TCP-server-case.patch:
      Avoid 100 % busy loop in TCP server case.
    - debian/patches/dnsproxy-Keep-timeout-in-TCP-case-even-after-connect.patch:
      Keep timeout in TCP case even after connection is established.
    - CVE-2022-23098
  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/gweb-Fix-OOB-write-in-received_data.patch: Fix OOB
      write in received_data().
    - CVE-2022-32292
  * SECURITY UPDATE: Use-after-free
    - debian/patches/wispr-Add-reference-counter-to-portal-context.patch:
      Add reference counter to portal context.
    - debian/patches/wispr-Update-portal-context-references.patch: Update
      portal context references.
    - CVE-2022-32293
  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/CVE-2023-28488.patch: Verify and sanitize packet
      length first.
    - CVE-2023-28488

 -- Fabian Toepfer <email address hidden>  Tue, 27 Jun 2023 16:39:51 +0200

Available diffs

diff from 1.36-2build1 (in Ubuntu) to 1.36-2ubuntu0.1 (9.8 KiB)

Builds

Built packages

connman Intel Connection Manager daemon

connman-dbgsym debug symbols for connman

connman-dev Development files for connman

connman-doc ConnMan documentation

connman-vpn Intel Connection Manager daemon - VPN daemon

connman-vpn-dbgsym debug symbols for connman-vpn

Package files

connman-dbgsym_1.36-2ubuntu0.1_amd64.ddeb (1.4 MiB)
connman-dbgsym_1.36-2ubuntu0.1_arm64.ddeb (1.4 MiB)
connman-dbgsym_1.36-2ubuntu0.1_armhf.ddeb (1.4 MiB)
connman-dbgsym_1.36-2ubuntu0.1_ppc64el.ddeb (1.6 MiB)
connman-dbgsym_1.36-2ubuntu0.1_riscv64.ddeb (1.4 MiB)
connman-dbgsym_1.36-2ubuntu0.1_s390x.ddeb (1.5 MiB)
connman-dev_1.36-2ubuntu0.1_amd64.deb (11.6 KiB)
connman-dev_1.36-2ubuntu0.1_arm64.deb (11.6 KiB)
connman-dev_1.36-2ubuntu0.1_armhf.deb (11.6 KiB)
connman-dev_1.36-2ubuntu0.1_ppc64el.deb (11.6 KiB)
connman-dev_1.36-2ubuntu0.1_riscv64.deb (11.6 KiB)
connman-dev_1.36-2ubuntu0.1_s390x.deb (11.6 KiB)
connman-doc_1.36-2ubuntu0.1_all.deb (48.1 KiB)
connman-vpn-dbgsym_1.36-2ubuntu0.1_amd64.ddeb (458.8 KiB)
connman-vpn-dbgsym_1.36-2ubuntu0.1_arm64.ddeb (457.2 KiB)
connman-vpn-dbgsym_1.36-2ubuntu0.1_armhf.ddeb (449.8 KiB)
connman-vpn-dbgsym_1.36-2ubuntu0.1_ppc64el.ddeb (501.4 KiB)
connman-vpn-dbgsym_1.36-2ubuntu0.1_riscv64.ddeb (449.9 KiB)
connman-vpn-dbgsym_1.36-2ubuntu0.1_s390x.ddeb (459.5 KiB)
connman-vpn_1.36-2ubuntu0.1_amd64.deb (109.7 KiB)
connman-vpn_1.36-2ubuntu0.1_arm64.deb (105.1 KiB)
connman-vpn_1.36-2ubuntu0.1_armhf.deb (94.7 KiB)
connman-vpn_1.36-2ubuntu0.1_ppc64el.deb (126.1 KiB)
connman-vpn_1.36-2ubuntu0.1_riscv64.deb (95.0 KiB)
connman-vpn_1.36-2ubuntu0.1_s390x.deb (99.6 KiB)
connman_1.36-2ubuntu0.1.debian.tar.xz (21.0 KiB)
connman_1.36-2ubuntu0.1.dsc (2.3 KiB)
connman_1.36-2ubuntu0.1_amd64.deb (383.8 KiB)
connman_1.36-2ubuntu0.1_arm64.deb (356.4 KiB)
connman_1.36-2ubuntu0.1_armhf.deb (331.3 KiB)
connman_1.36-2ubuntu0.1_ppc64el.deb (428.9 KiB)
connman_1.36-2ubuntu0.1_riscv64.deb (327.6 KiB)
connman_1.36-2ubuntu0.1_s390x.deb (340.2 KiB)
connman_1.36.orig.tar.xz (676.4 KiB)